CVE-2019-1871
Last modified
CVE-2019-1871 is a vulnerability of currently unknown severity. A vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and implement arbitrary commands with root privileges on an affected device. The vulnerability is due to improper bounds checking by the import-config process. EPSS estimates a 3.29% chance of exploitation in the next 30 days.
Description
A vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and implement arbitrary commands with root privileges on an affected device. The vulnerability is due to improper bounds checking by the import-config process. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to implement arbitrary code on the affected device with elevated privileges.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Unified Computing System | 4.0\(1c\)hs3 |
| Cisco | Integrated Management Controller Supervisor | >= 3.0.0.0, < 3.0\(4k\) |
| Cisco | Integrated Management Controller Supervisor | >= 4.0.0.0, < 4.0\(4b\) |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-1871?
How severe is CVE-2019-1871?
How do I fix CVE-2019-1871?
Are you affected by CVE-2019-1871?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST